Securus – Yubikey 2 Factor Authentication plugin for WordPress

Attention! This plugin requires you a YubiKey!! If you do not have one (which you should!!) Do NOT buy this plugin!!

You can pickup a Yubikey at yubico.com – I highly recommend Yubikey Neo. This plugin works best with Neo, but also works with Yubikey Standard and Nano.

2 Factor Authentication can be setup on a user by user basis.

Translation Ready – including POT files.

Communicates with YubiCloud over a secure connection at no additional cost.

Captures users OTP (One Time Password) and make sure it belongs to the user, then validates the OTP via the YubiCloud redundant servers.

If a user does not have a Yubikey Neo they can disable 2 Factor Authentication for mobile devices.

If a user has a Neo configured to transmit an OTP via NFC (Near Field Communication) no need to disable Securus for mobile devices.

Can register up to 3 keys per account.

Ajaxed Login form – non 2 Factor users will never even know Securus is monitoring the login form.

After entering your Username and Password, Securus checks your profile to see if you have Securus setup and if so, displays a OTP field on the login form without reloading the page.

After you enter your OTP, Securus runs a pre-validation check of your username, password, and OTP to make sure everything is accurate. Once verified, it submits the form and lets WordPress go though the login process and fully validates the OTP on the YubiCloud.

If a user disables JS – Securus falls back to pure PHP based 2 Factor Authentication. Securus uses JavaScript as an enhancement – not a replacement.

Securus also includes a configurable IP based User Lockout feature. If a user tries to login too many times with invalid credentials Securus will lock the user out for a pre-configured time.

Securus does not add additional tables or columns to your WordPress database.